A Distributed Denial of Service or ”DDoS” attack is a cyberattack aimed to disrupt the normal traffic on a network, service or server by overwhelming it with a flood of bogus traffic. The different types of DDoS attacks include 1) volumetric attacks focused on consuming bandwidth, 2) protocol attacks which target network resources, and 3) application layer attacks aimed at overloading something specific in an application. To reduce the impact of DDoS attacks, organizations can use best practices and strategies such as disaster planning, traffic analysis, using a Web Application Firewall (WAF) to block suspicious traffic, adding a Content Delivery Network (CDN) to distribute traffic, and implementing rate limiting based on your expected user behavior.
Topics
Types of DDoS attacks
We won’t go into the technical details here, but there are several types of Distributed Denial-of-Service attacks which target different parts of an online infrastructure including:
Volumetric Attacks
The most common Distributed Denial-of-Service attack, called a “volumetric” attack, aims to consume bandwidth on the target or between the target and the rest of the internet. There are different volumetric attacks such as:
Protocol Attacks
Another DDoS attack approach is called “protocol” attacks with the goal of consuming server resources or related intermediary equipment such as load balancers and firewalls. Some protocol attacks are:
Application Attacks
An application DDoS attack focuses on the “application layer” where the web pages are created. For example, the website might use a Content Management System (CMS) like Drupal or WordPress to generate its web pages. These attacks tend to be more sophisticated and harder to detect and mitigate against. Application-based attacks include:
Multivector Attacks
The last category of Distributed Denial-of-Service attacks is when the above types are combined which can be extremely hard to combat. Here are a few articles focused specifically on multivector attacks:
- DDoS trends: What are multi-vector attacks? (RCRWireless News)
- DDoS Becomes a Bigger Priority as Multi-vector Attacks are on the Rise (Comcast)
- Strategies to minimize multi-vector DDoS attacks
Notable DDoS attacks
Distributed Denial-of-Service attacks have been part of the internet from the beginning with hackers motivated by personal gain, grudges, political beliefs and other factors. While the tools, techniques and targets have varied over the years, you’ve likely seen many headlines about big websites and online services being brought to their knees by DDoS hackers.
Just recently, web infrastructure providers Amazon Web Services, Cloudflare and Google Cloud reported the largest ever DDoS attack which was more than seven times larger than the previous record-holding DDoS attack. Here are some other notable DDoS attacks you might find interesting or may have even heard of:
- 1974 - “First DDoS Attack” by 13 year old
- 1996 - New York Panix ISP attack
- 2000 - Mafiaboy attack by 15 year old
- 2002 - Massive domain servers attack
- 2007 - Estonia Cyberattacks
- 2012 - Six Banks DDoS Attack
- 2013 - Spamhaus Attack
- 2014 - Occupy Central Hong Kong DDoS Attack
- 2015 - BBC DDoS Attack
- 2016 - Dyn Cyberattack
- 2017 - Google DDoS attack
- 2018 - GitHub Attack
- 2019 - Imperva DDoS attack
- 2020 - Amazon Web Services Attack
- 2021 - Microsoft Azure Attack
- 2022 - Google Cloud 7 Layer Attack
- 2023 - Google, AWS and Cloudflare attacks
How to mitigate against DDoS attacks
You cannot anticipate every approach a hacker might take to take down your websites and services, but here are some best practices, processes and technologies you can implement to improve your overall security strategy and minimize your risks:
Attack Response Plan: As part of your disaster recovery plan, create a detailed response guide for handling a DDoS or similar attack including identification, management and communication.
Access Restriction: Ensure all systems have adequate access controls and are restricted to the minimum number of technical staff, especially those that play a critical role in infrastructure security.
Traffic Analysis: Your technical team must regularly and frequently review traffic data and reports to look for unusual traffic patterns.
Static Website: If your website doesn’t have many or any “dynamic” pages, creating a static or mostly-static version of your website will mean hackers have much less to hack.
Content Delivery Network (CDN): Using a CDN can distribute your website content around the world which makes it harder for hackers to bring your site down.
Web Application Firewall (WAF): A WAF with DDoS protection can differentiate between real traffic and bot traffic, so your customers are allowed access while the bots are not.
Rate Limiting: Configure your infrastructure layers to use rate limiting to allow a limited number of requests per second based on factors such as IP address range, geolocation or header info.
Retrospectives: If you experience attacks or security breaches, take enough time to reflect and understand what happened and how best to avoid the same problems in the future and then implement those changes.
Additional DDoS resources
Learn more about DDoS types and related concepts by checking out these resources:
- DDoS mitigation (Wikipedia)
- Understanding and Responding to Distributed Denial-of-Service Attacks (CISA)
- DDoS Protection: 8 Simple Tactics (Blackberry)
- Google Cloud, AWS, and Cloudflare report largest DDoS attacks ever (ZDNet)
- DDOS Attack Types and Mitigation Strategies (NJCCIC)
- 10 Different Types of DDoS Attacks and How to Prevent Them (Geekflare)
- 5 Best Practices for Mitigating DDoS Attacks (Infosecurity Magazine)
About QuantCDN
Quant is a global static edge; a CDN & WAF combined with static web hosting. We provide solutions to help make WordPress and Drupal sites static, as well as support for all popular static site generators.